Babel is a powerful protection tool for Microsoft .NET Framework. Program written in .NET languages, like C# and Visual Basic, are far easier to reverse engineer because they compile to MSIL (Microsoft Intermediate Language), a CPU independent instruction set that is embedded into .NET assemblies with other information (Metadata) enough to reconstruct the original source code. Babel will transform assemblies in order to conceal the code so that reversing is made difficult. This transformation process is called obfuscation.
Babel Obfuscator generates completely obfuscated managed code: No native CPU instructions are inserted into the obfuscated assembly, making the application CPU dependent and removing the potential cross platform nature of .NET Framework.
Babel provides an icredible number of features which can be accessed from the command line and also from a new graphical user interface. Please take a look at the following list of avaialbe features.
Babel is available in three different editions: Flexible, Professional and Enterprise, each coming with a different set of features. To compare the features available in each edition, please refer to the feature table.
Althogh Bable Obfuscator was born as a command-line tool, we recently developed a graphical user interface that allows to setup an obfuscation project with few mouse clicks. The project files are MSBuild scripts, making easy to integrate the obfuscation process into automatic build environments.
Babel can rename types, methods, properties, events, fields, namespaces and method parameters. The original symbol name are changed, so it is no more possible to recover the meaning of the obfuscated member. This makes code understanding and reverse engineering extremely difficult. You can choose two different renaming convections: alphabet characters and unprintable Unicode symbols. They both minimize the number of character symbol used, reducing the overall metadata size and load time.
With overloaded renaming, the same name is used to rename methods with different signatures as long as it is allowed by .NET Framework design rules. This makes it even more difficult for a hacker to reverse engineer the code. Babel also renames overloads when only the method return type differs, making it impossible to entirely decompile the code to high-level languages like C# and VB.NET, in which overloading the return type is not permitted.
Babel accepts custom Unicode character set used to generate obfuscated member names. The user can customize its character set increasing the unreadability of the disassembled code.
Babel can parse XAML and BAML resources and rename all the members referenced into the XAML/BAML code to produce a better obfuscation increasing the percentage of obfuscated symbols. This also makes your XAML code more difficult to read. Babel is also able to merge into a single assembly file multiple assemblies containing XAML/BAML resources.
Babel can automatically remove unused code and metadata, reducing the assembly size on disk and improving the load time during execution.
Babel can merge dependency assemblies into your application assembly, providing an effective solution to single-assembly deployment. During merging, Babel can also lower the visibility of public types in referenced assemblies to internal. This change increases the number of symbols that Babel can rename, thus improving the effectiveness of the obfuscation. Babel is also able to merge Silverlight and WPF assemblies containing XAML and BAML resources.
Referenced assemblies can be embedded into the main application assembly. Babel can embed multiple assemblies into the main application reducing the overall size of the deployed application.
Babel can encrypt so-called User Strings embedded into a managed assembly. User Strings are strings found in the heap blob that are referenced in the user code. Babel has different methods (algorithms) of encrypting strings and can also be configured to run user-customized string encryption.
Sometimes constant values and arrays declared inline, inside a method, may contain sensitive information such as data encryption keys that the user wants to hide to disassembler. Babel Obfuscator is able to encrypt constant values and arrays inside a method, providing an extra protection layer.
Babel can compress and encrypt embedded resources to protect your resources and also to reduce the overall assembly size. The encrypted resources are loaded at runtime when they are eventually needed.
Control flow obfuscation consists of changing the execution path of a method. Babel can make if statements more complex to read, insert a number of irrelevant branches, add multiple switch instructions without changing the behavior of the method so that is very difficult to analyze after decompilation.
Invalid op-codes are byte codes not recognized by the runtime as valid MSIL instructions that Babel inserts in each method to prevent the disassembler from decompiling the method.
Babel can encrypt the MSIL byte code of a method and embed the encrypted data into managed resources or external files. The encrypted data is then decrypted at runtime and compiled on the fly to a managed dynamic method before execution. This process is done entirely in managed code: there is no use of unmanaged stubs, native CPU instructions or external platform-invoke calls. The encrypted method is not available to decompilers, so it can't be reverse engineered.
Currently MSIL encryption is supported only by Microsoft .NET Framework 2.0 or later. This feature is not available on .NET Framework 1.1, Silverlight and Compact Framework.
With dynamic proxy calls it is possible to hide all the calls to external and internal methods, inside delegate types dynamically built at runtime.
Babel can obfuscate public members in multiple assemblies and then align the names of obfuscated symbols referenced in each assembly. This maximizes the overall number of renamed symbols, further improving the obfuscation.
Babel can handle PDB debug symbol files merging and fixing debug information during the obfuscation process. So it is possible to use debug symbols files with obfuscated assemblies to decode exception stack trace information or even perform step through debugging in Visual Studio.
Satellite assemblies are those generated by Visual Studio for projects that contain localized resources. Babel can handle and automatically obfuscate satellite DLLs that are part of an obfuscated executable. You don’t need to specify them as inputs. Babel will search for culture-specific assembly resources located in application directories and align referenced resource names.
Code instrumentation allows injection of code into an assembly by hooking the entry and exit of any method or property or the catch of any exception. With code instrumentation, you can create a series of components ranging from custom logging, licensing, custom exception management and plug them into any existing assembly.
Babel can perform a series of optimizations during the obfuscation process. Automatic class sealing and removal of unnecessary attributes can increase the application performance and reduce the overall size on disk.
Classes that are not used as base classes in an inheritance chain can be sealed. When the JIT compiler sees a call to a virtual method using a sealed type, it can produce more efficient code by calling the method non-virtually.
Most of the times, the compiler-generated code it is full of attributes that can be removed without affecting the behavior of the application during execution. Babel can remove any unnecessary attributes applied to a defined type or member reducing the overall disk size of the deployed application.
Babel can remove, whenever possible, System.Enum types defined into the target assembly by replacing their fields with the relative values. This optimization saves disk space and also makes the disassembled code more difficult to understand due to the use of constants instead of field names.
The obfuscation process can be customized by using XML rules files. These rules files allow you to configure each phase performed by the obfuscator fine tuning each feature to produce better obfuscation.
The obfuscation of assemblies can be performed from within Visual Studio by means of post build events. You can also run Babel from MSBuild using the Babel task provided.
If you want to know more about Babel Obfuscator features, please download the Babel User's Guide available in PDF format.